[gentoo-announce] [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities - gentoo-announce

From:	Sune Kloppenborg Jeppesen <jaervosz@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200603-22 ] PHP: Format string and XSS vulnerabilities
Date:	Wed, 22 Mar 2006 23:30:08
Message-Id:	`200603230006.04452.jaervosz@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200603-22

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: PHP: Format string and XSS vulnerabilities

9

      Date: March 22, 2006

10

      Bugs: #125878

11

        ID: 200603-22

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities in PHP allow remote attackers to inject

19

arbitrary HTTP headers, perform cross site scripting or in some cases

20

execute arbitrary code.

21

22

Background

23

==========

24

25

PHP is a general-purpose scripting language widely used to develop

26

web-based applications. It can run on a web server with the mod_php

27

module or the CGI version and also stand-alone in a CLI.

28

29

Affected packages

30

=================

31

32

    -------------------------------------------------------------------

33

     Package       /  Vulnerable  /                         Unaffected

34

    -------------------------------------------------------------------

35

  1  dev-lang/php       < 4.4.2                               >= 5.1.2

36

     dev-lang/php      *>= 5.1.1                              >= 5.1.2

37

     dev-lang/php      *>= 5.0.5                              >= 5.1.2

38

     dev-lang/php      *>= 5.0.4                              >= 5.1.2

39

40

Description

41

===========

42

43

Stefan Esser of the Hardened PHP project has reported a few

44

vulnerabilities found in PHP:

45

46

* Input passed to the session ID in the session extension isn't

47

  properly sanitised before being returned to the user via a

48

  "Set-Cookie" HTTP header, which can contain arbitrary injected data.

49

50

* A format string error while processing error messages using the

51

  mysqli extension in version 5.1 and above.

52

53

Impact

54

======

55

56

By sending a specially crafted request, a remote attacker can exploit

57

this vulnerability to inject arbitrary HTTP headers, which will be

58

included in the response sent to the user. The format string

59

vulnerability may be exploited to execute arbitrary code.

60

61

Workaround

62

==========

63

64

There is no known workaround at this time.

65

66

Resolution

67

==========

68

69

All PHP 5.x users should upgrade to the latest version:

70

71

    # emerge --sync

72

    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.2"

73

74

All PHP 4.x users should upgrade to the latest version:

75

76

    # emerge --sync

77

    # emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2"

78

79

References

80

==========

81

82

  [ 1 ] CVE-2006-0207

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207

84

  [ 2 ] CVE-2006-0208

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208

86

  [ 3 ] Hardened-PHP Advisory 01/2006

87

        http://www.hardened-php.net/advisory_022006.112.html

88

  [ 4 ] Hardened-PHP Advisory 02/2006

89

        http://www.hardened-php.net/advisory_012006.113.html

90

91

Availability

92

============

93

94

This GLSA and any updates to it are available for viewing at

95

the Gentoo Security Website:

96

97

  http://security.gentoo.org/glsa/glsa-200603-22.xml

98

99

Concerns?

100

=========

101

102

Security is a primary focus of Gentoo Linux and ensuring the

103

confidentiality and security of our users machines is of utmost

104

importance to us. Any security concerns should be addressed to

105

security@g.o or alternatively, you may file a bug at

106

http://bugs.gentoo.org.

107

108

License

109

=======

110

111

Copyright 2006 Gentoo Foundation, Inc; referenced text

112

belongs to its owner(s).

113

114

The contents of this document are licensed under the

115

Creative Commons - Attribution / Share Alike license.

116

117

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200603-22
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: PHP: Format string and XSS vulnerabilities
9	Date: March 22, 2006
10	Bugs: #125878
11	ID: 200603-22
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities in PHP allow remote attackers to inject
19	arbitrary HTTP headers, perform cross site scripting or in some cases
20	execute arbitrary code.
21
22	Background
23	==========
24
25	PHP is a general-purpose scripting language widely used to develop
26	web-based applications. It can run on a web server with the mod_php
27	module or the CGI version and also stand-alone in a CLI.
28
29	Affected packages
30	=================
31
32	-------------------------------------------------------------------
33	Package / Vulnerable / Unaffected
34	-------------------------------------------------------------------
35	1 dev-lang/php < 4.4.2 >= 5.1.2
36	dev-lang/php *>= 5.1.1 >= 5.1.2
37	dev-lang/php *>= 5.0.5 >= 5.1.2
38	dev-lang/php *>= 5.0.4 >= 5.1.2
39
40	Description
41	===========
42
43	Stefan Esser of the Hardened PHP project has reported a few
44	vulnerabilities found in PHP:
45
46	* Input passed to the session ID in the session extension isn't
47	properly sanitised before being returned to the user via a
48	"Set-Cookie" HTTP header, which can contain arbitrary injected data.
49
50	* A format string error while processing error messages using the
51	mysqli extension in version 5.1 and above.
52
53	Impact
54	======
55
56	By sending a specially crafted request, a remote attacker can exploit
57	this vulnerability to inject arbitrary HTTP headers, which will be
58	included in the response sent to the user. The format string
59	vulnerability may be exploited to execute arbitrary code.
60
61	Workaround
62	==========
63
64	There is no known workaround at this time.
65
66	Resolution
67	==========
68
69	All PHP 5.x users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.2"
73
74	All PHP 4.x users should upgrade to the latest version:
75
76	# emerge --sync
77	# emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.2"
78
79	References
80	==========
81
82	[ 1 ] CVE-2006-0207
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
84	[ 2 ] CVE-2006-0208
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
86	[ 3 ] Hardened-PHP Advisory 01/2006
87	http://www.hardened-php.net/advisory_022006.112.html
88	[ 4 ] Hardened-PHP Advisory 02/2006
89	http://www.hardened-php.net/advisory_012006.113.html
90
91	Availability
92	============
93
94	This GLSA and any updates to it are available for viewing at
95	the Gentoo Security Website:
96
97	http://security.gentoo.org/glsa/glsa-200603-22.xml
98
99	Concerns?
100	=========
101
102	Security is a primary focus of Gentoo Linux and ensuring the
103	confidentiality and security of our users machines is of utmost
104	importance to us. Any security concerns should be addressed to
105	security@g.o or alternatively, you may file a bug at
106	http://bugs.gentoo.org.
107
108	License
109	=======
110
111	Copyright 2006 Gentoo Foundation, Inc; referenced text
112	belongs to its owner(s).
113
114	The contents of this document are licensed under the
115	Creative Commons - Attribution / Share Alike license.
116
117	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce